CVE Vulnerability

CVE-2022-30305

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://fortiguard.com/psirt/FG-IR-21-170 Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:fortinet:fortideceptor:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandbox:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandbox:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandbox:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortideceptor:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortideceptor:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortideceptor:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandbox:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Information

Published : 2022-12-06 05:15

Updated : 2022-12-08 04:24

NVD link : CVE-2022-30305

Mitre link : CVE-2022-30305

Products Affected
No products.
CWE
NVD-CWE-Other